In message <19970716141012.56758@pyy.jmp.fi> Jukka Marin wrote:
> Houston, we have a problem.
>
> This is out network configuration:
>
> --> router <--Ether--> NetBSD_A <--PPP--> NetBSD_B <--Ether--> Win95
The TCP stack sets the DF flag (dont't fragment) so packets greater than
MTU size will not be transmitted (netstat -p ip should show the as
'datagrams that can't be fragmented').
You can either increase the MTU on the PPP line or add a -mtu MTU to the
routes going over the PPP-line. (the later doesn't help for forwarded packets)
I think windows uses something over 1500 bytes as MTU so increasing the MTU
for the PPP line may be you're only options (besides hacking the kernel
to ignore the DF flag ...).
As far as I know www.merita.fi runs an OS that doesn't do MTU discovery.
The packets below are bigger than PPP MTU so they'll never make it. Merita
does set the DF bit but doesn't back down in size (as it should for MTU
discovery).
>
> Here's a tcpdump output from NetBSD_B:
>
[...]
> 14:00:47.229362 www.merita.fi.www > torakka.jmp.fi.1034: . 1:1461(1460) ack 1
> 88 win 8573 (DF)
> 14:00:47.323904 www.merita.fi.www > torakka.jmp.fi.1034: . 1461:2921(1460) ac
> k 188 win 8573 (DF)
[...]
> 14:02:21.340368 www.merita.fi.www > torakka.jmp.fi.1034: . 1:1461(1460) ack 1
> 88 win 8573 (DF)
> 14:05:46.693265 torakka.jmp.fi.1034 > www.merita.fi.www: R 11789672:11789672(
> 0) win 0 (DF)
>
[...]
> The MTU of the PPP link is set to 576 - after having similar problems a few
> months ago. Some people are pretty annoyed because they can't connect to
> their bank at all... Even stanger, NetBSD_B can connect to the same WWW
> server just fine.
Thats because netbas sets the MSS size for TCP to the MTU of the PPP interface,
this only works on the machine with the interface. Normaly a TCP stack
shouldn't advertise an MSS bigger than 512 if it can't do dynamic MTU discovery.
(MSS = MTU - tcp_header - ip_header).
The bug is in windows and on the merita system. Sending to destinations outside
of the local network with DF set, an MSS > 512 and no dynamic MTU discovery is
a call for trouble. (A lot of routers ignore the DF bit, thats the practical
approach to ...)
I would patch the kernel to ignore the DF bit. Maybe this should become
an sysctl option or an interface option.
Stefan
>
> Ideas?
>
> -jm the problem finder
>
>
> --
>
> 1503 kHz @ 22:30 EET DST Mon-Fri
>
> ---> http://www.jmp.fi/~jmarin/ <---
--
Stefan Grefen Tandem Computers Europe Inc.
grefen@hprc.tandem.com High Performance Research Center
If a group of N persons implements a COBOL compiler, there will be N-1
passes. Someone in the group has to be the manager.
-- T. Cheatham